SAP Thought Leadership Paper/SAP Mobile Services
How MNOs Can Maximize Monetization of A2P
and P2A Messaging
Securing Messaging Services – The Key Driver for
Maximizing Monetization
Table of Contents
3
Overview
4
The impact of growing A2P messaging on MNO revenues
5
The SMS firewall: Enabling the monetization of the growing A2P
6
Aspects for MNOs to consider while selecting an SMS firewall solution
6
Solution type
7
Solution deployment
8
Fraud mitigation capabilities
9
Conclusion
2 / 10
How MNOs can maximize monetization of A2P and P2A messaging
Overview : In recent years, mobile network operators
(MNOs) and mobile virtual network operators
(MVNOs) have undergone a turbulent phase in terms
of revenues. While network expansion demands
have increased CAPEX and OPEX, revenues have not
been proportional with voice and messaging usage,
decreasing after 2012 while over-the-top (OTT)
services have grown almost exponentially. Mobile
broadband and data usage has risen proportionally
with the demand for OTT services to a point where
MNOs and MVNOs feared relegation to wireless and
mobile bit pipe providers.
Over the last few years, SMS-based messaging
has seen a revival, growing to 8.3 trillion messages
(24% of the total messages sent, annually) from 6.7
trillion, which it dipped to after a peak of 9 trillion in
2012. Application-to-person (A2P) messaging and
person-to-application (P2A) messaging have shown
encouraging growth in the last two years, with their
combined revenues rising from 25% to 40% of the
total annual messaging revenue. Juniper Research
estimates that A2P (and P2A)
revenues will reach US$70 billion
by the end of 2016,
indicating a significant
market opportunity.
A2P alone is estimated
to reach 31% of the
total annual messaging
traffic.
3 / 10
How MNOs can maximize monetization of A2P and P2A messaging
The Impact of Growing A2P Messaging on
MNO Revenues
MNOs became part of the Internet ecosystem
with mobile broadband services. Consequently,
connectivity between some elements of MNO
networks, such as Short Message service
centers (SMSCs), included IP interfaces and
opened up e-mail-to-text and text-to-e-mail
messaging. Including IP into the services has
brought in a new set of risks to MNO services.
Specifically, SMS messaging is vulnerable to
identity spoofing, faking, spam, and denial of
service (DoS). These vulnerabilities directly
impact customer experience and satisfaction. A
severe impact on revenues is caused by the use
of gray routes, which cause traffic that cannot
be billed due to the lack of any commercial
agreement . Revenue losses are significant
although the new opportunity for the growth
of A2P messaging volume exists (66% of
messaging traffic is on gray routes).
The use of messaging has evolved from simple
messaging, such as notifications and alerts,
to its use in real-time user authentication,
ticketing, and mobile payments. These new
messaging scenarios are based on a customer’s
identity on the MNO’s network and require
stringent service quality (authenticated
message sources and destinations, timely
and reliable deliveries). Customer needs have
evolved to require near real-time out-of-band
authentication. It is expected that the MNO
services will be increasingly used to supplement
a user’s identity on the Internet. An MNO’s role
in the Internet ecosystem, which was only that
of an access provider, has now become crucial.
Added to this is the very recent deployment
of the Internet of Things (IoT) infrastructure,
which relies on the coverage and access of
the MNO – another opportunity to increase
revenues. Such networks could use the MNO
infrastructure for primary access or for fallback
access. The traffic from such networks is largely
from the IoT devices to an aggregation point on
the Internet. However, control messages to the
devices would use the MNO network.
In summary, the growth of A2P
messaging and its estimated
growth are encouraging
opportunities for monetization,
with the IoT bringing in another
revenue opportunity.
4 / 10
How MNOs can maximize monetization of A2P and P2A messaging
The SMS firewall: Enabling the monetization
of the growing A2P
While the SMS firewall is a mandatory initial
step in optimizing monetization, MNOs should
consider selecting a solution that is both a
network tool and a business tool. The network
tool can perform secure functions, monitoring,
and reporting whereas the business tool can
provide analytics such as characteristics
and trends. The primary checks of such a
firewall include checks of the sender ID and of
the sending global title, and the scanning of
messages for keywords, repetitive content, and
repetitive senders, in addition to other routine
checks.
A selective number of providers offer
sophisticated solutions that correlate
Signaling System No. 7 (SS7) information,
which includes routing capacities (home
routing), unlimited filters’ combination
options, and managed services. These are
important considerations when choosing a
firewall solution.
5 / 10
How MNOs can maximize monetization of A2P and P2A messaging
Aspects for MNOs to consider while
selecting an SMS firewall solution
While various flavors of SMS firewalls are available in the market, MNOs should consider the
following aspects when making their selection:
Solution Type
Table 1 lists available solutions based on their categories.
Category
Description
Signaling Based
Generally offered as an add-on service by carriers or hubs, this type
has basic screening capabilities and is hosted by vendor. If offered by
SS7 providers, all traffic handled by alternative SS7 carriers will not
be filtered. This solution can detect some spam and fraud but is not
efficient for A2P monetization.
Gateway Based
Often hardware based and on premise, these vendors’ solutions offer
similar filtering features to those of the signaling-based type. The
quality of gateway-based solutions varies greatly; certain solutions may
offer extended filtering capabilities for A2P detection. This solution
type generally involves high CAPEX and OPEX; managed services are
not offered.
Integrated Solution
Typically also an in-house solution, it bases added functionality on
already existing mobile network nodes. Generally it consists of a very
limited subset of blocking features integrated on an STP or SMSC. User
interface is basic (potentially command only) and reporting is missing.
Reporting Based
These solutions offer quite powerful reports and analytics but have no
blocking function; MNO will block the unwanted traffic basing on the
info gathered from vendor. Designed for e-mail spam protection, these
solutions fully lack or have limited visibility on SS7 information. This
means, among other things, no faking protection and no origin-based
or MO filtering.
IP Based Solutions
Usually are components in larger security suites of network software,
designed more for security and signaling analysis than revenue
assurance. The ability to aggregate SS7 data and understand the
transactions is restricted. Grey routes can’t be identified and faking
protection is not offered
6 / 10
How MNOs can maximize monetization of A2P and P2A messaging
Home Routing Solutions
The home routing based solution is deployed as a network node with
its own global title. From a logical perspective, it works as a network
node within the operator’s network, even if hosted as a cloud service.
Home routing is the only solution efficiently protecting from faking and
also protecting customers when roaming. Filters and rules flexibility
might vary depending on provider. The main drawback of this solution’s
suppliers is a lack of A2P knowledge. Firewall configuration and tuning
is often left with customer and managed services are rarely part of the
offer.
Table 1: Categories of SMS Firewall Solutions in the Market
MNOs should note that, of all the options
available, only the home routing solutions
offer the complete suite of message scanning,
monitoring, filtering, and protection while
roaming. Home routing solutions are therefore
crucial to achieve full monetization of A2P
as they protect from faking attacks and the
quality of service delivered to the customer
is completely under the control of the
provider. Moreover, as fraud and misuse
techniques constantly evolve, MNOs should
not underestimate the need to keep the firewall
tuned and up to state-of-the-art standards.
In short, update service should be a core
requirement.
Solution Deployment
Another aspect MNOs should take into
consideration while selecting an SMS firewall
solution is deployment since many solutions
are provided either as a standalone hardware
device or as a managed service hosted in a
cloud. Compared to a standalone hardware
device solution, a cloud-based solution offers
reduced CAPEX and OPEX by avoiding large
upfront investments in infrastructure and HR,
respectively. The managed service implies
low service startup costs, which increases the
overall A2P messaging revenues. This enhances
the capability of the managed firewall service
provider to maximize MNO monetization of A2P.
7 / 10
How MNOs can maximize monetization of A2P and P2A messaging
Fraud mitigation capabilities
Table 2 lists the fraud mitigation features that MNOs should look for when selecting an SMS
firewall solution, including a description of the fraud and the solution required for each,
Fraud Type
Description
Mitigation
SMS Faking
Submitting SMSC address is faked.
The destination network cannot
track who sent a message for billing.
Messages with a faked SMSC
address should be identified
and rejected SS7 information
correlation
SMS Spamming
Unsolicited MT messages sent to
the operator´s subscribers. Often
include premium rate number,
e-mail address, or URL.
Content verification through
SMS firewall service, or through
addition of an enhanced content
filtering platform.
SMS Flooding
Large number of messages to
single or multiple subscribers,
create denial of service attacks,
loss of revenue and costs.
Volume of messages sent by
same sender in a set timeframe
are verified and blocked if a
configurable threshold is met.
SMS Malware
Over the air (OTA) or wireless
application protocol (WAP)
push service might cause illicit
downloads and generate excessive
traffic or send premium messages
without the user’s knowledge.
An effective solution should block
OTA and WAP push messages from
untrusted sources
Rule based filtering
Specify rules in the firewall to
match message patterns and
requirements, and perform specific
actions (block or monitor and
route).
Certain types of messages, such
as OTA or WAP push, are used to
distribute software. An effective
solution should block software
download by blocking these types of
messages from untrusted sources.
It should be able to distinguish
and allow this message type from
trusted sources, for example from
the operator itself, while blocking it
from all other sources.
A good firewall solution should
be able to block such senders
but filtering rules could be
bypassed for certain whitelisted
SMSCs.
Alphanumeric and
Short Code sender
Table 2: Common Frauds and the Required Mitigation (from the GSM Association’s official
documents on SMS SS7 Fraud and SMS SS7 Fraud Prevention, document numbers GSM IR 70, 71)
8 / 10
How MNOs can maximize monetization of A2P and P2A messaging
Messaging services have suffered revenue losses due to spam, spoofing, faking, and DoS with
losses due to gray routes having the highest impact. The lack of monitoring and transparency into
messaging, combined with the inability to differentiate illegitimate traffic from legitimate traffic,
severely limits the MNO’s ability to implement quality of messaging service and security required
to realize the full potential of A2P monetization. In fact, a mere 33% of the MNOs are able to
monetize A2P messaging, according to mobilesquared Ltd. The ideal SMS firewall provides both
message monitoring and transparency to implement quality and security required for monetizing
A2P. With an appropriately configured solution, the A2P messaging traffic is accounted, identified,
filtered as required, and delivered. In addition, the firewall can provide invaluable data for
monitoring usage, usage patterns and volumes, and performance as well as customer behavior.
Such analytics provide business intelligence, which the MNO can capitalize on.
Conclusion
MNOs today are attempting to safeguard
their networks and services with a particular
emphasis on security. Businesses are using
MNO network services to extend their services
to customers. Their primary means of customer
engagement is through automated messaging,
termed A2P messaging. A2P messaging is
growing substantially in volume, but there is
revenue loss. Not all of the messaging volume is
monetized. A2P messaging supports services in
real time and MNOs are expected to deliver the
required quality of service. A2P messaging is
increasing in use for authentication support and
mobile payments, both of which require that
the A2P messages be authenticated for their
source and that the integrity of the messages
be preserved.
For such stringent requirements, it is crucial
that MNOs ring-fence their networks to ensure
that all traffic from links that are vulnerable
(mostly grey and black routes over international
SS7) is monitored and checked for origin and
content, and filtered appropriately to provide
good customer experience as well as to
monetize A2P and P2A messages.
The ideal SMS firewall solution to enable
this monetization should be a home
routing solution, offered as a cloud-based
managed service that guarantees ease-ofimplementation and lossless transition. The
managed service ensures continuous tuning of
the firewall services and updating of the firewall
intelligence. Human resources savings for the
MNO are a given since the operational skills
are available as part of the managed service.
Filtering is the key activity in the service, with
continuously updated rules to ensure
precision filtering to enhance customer
experience. Above all, the managed
service ensures a proactive approach
to unknown messaging content and
evolving threats to A2P messaging as
security updates are deployed instantly
to minimize the impact of new threats
that emerge.
9 / 10
No part of this publication may be reproduced or transmitted in any form or for any purpose without the
express permission of SAP SE or an SAP affi liate company.
SAP and other SAP products and services mentioned herein as well as their respective logos are
trademarks or registered trademarks of SAP SE (or an SAP affi liate company) in Germany and other
countries. Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for
additional trademark information and notices. Some software products marketed by SAP SE and its
distributors contain proprietary software components of other software vendors.
National product specifi cations may vary.
These materials are provided by SAP SE or an SAP affi liate company for informational purposes only,
without representation or warranty of any kind, and SAP SE or its affi liated companies shall not be
liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affi
liate company products and services are those that are set forth in the express warranty statements
accompanying such products and services, if any. Nothing herein should be construed as constituting an
additional warranty.
In particular, SAP SE or its affi liated companies have no obligation to pursue any course of business
outlined in this document or any related presentation, or to develop or release any functionality
mentioned therein. This document, or any related presentation, and SAP SE’s or its affi liated companies’
strategy and possible future developments, products, and/or platform directions and functionality are all
subject to change and may be changed by SAP SE or its affi liated companies at any time for any reason
without notice. The information in this document is not a commitment, promise, or legal obligation to
deliver any material, code, or functionality. All forward-looking statements are subject to various risks
and uncertainties that could cause actual results to diff er materially from expectations. Readers are
cautioned not to place undue reliance on these forward-looking statements, which speak only as of their
dates, and they should not be relied upon in making purchasing decisions.